Support in other languages: 
Showing results for 
Search instead for 
Do you mean 
Reply
Punch Card
MikeD001
Posts: 10
Registered: ‎05-14-2011
Location: USA
0
Accepted Solution

Is Lenovo Fingerprint Software = Upek Protector ?

I just found this article about Upek Protector suite being vulnerable to hacking of the registry stored password.   My W520 comes with an AuthenTec (who bought UPEK) TouchChip Fingerprint Coprocessor.

 

http://arstechnica.com/security/2012/09/windows-passwords-exposed/

 

The Lenovo Fingerprint Software looks like a rebranded version of Upek Protector Suite.  Is this true?

Fanfold Paper
Eclipsed830
Posts: 10
Registered: ‎07-11-2012
Location: Cleveland
0

Re: Is Lenovo Fingerprint Software = Upek Protector ?

Any and every kind of password utility can be and is hackable. 

Fanfold Paper
critical_
Posts: 22
Registered: ‎08-07-2012
Location: California
0

Re: Is Lenovo Fingerprint Software = Upek Protector ?


Eclipsed830 wrote:

Any and every kind of password utility can be and is hackable. 


True but this is an egregious fault that Lenovo needs to take very seriously.

Administrator
Mark_Lenovo
Posts: 7,992
Registered: ‎11-19-2007
Location: RTP, North Carolina
0

Re: Is Lenovo Fingerprint Software = Upek Protector ?

All,

 

We are aware of the article and are investigating the report.

 

Thanks

 

Mark

____________________________________________

ThinkPads: S30, T43, X60t, X1, W700ds, IdeaPad Y710, IdeaCentre: A300, IdeaPad K1
Mark Hopkins
Program Manager, Lenovo Social Media (Services)
twitter @lenovoforums
English English Community   Deutsche Deutsche Community   Español Comunidad en Español   ru.gif Русскоязычное Сообщество
What's DOS?
tgrmas
Posts: 1
Registered: ‎09-21-2012
Location: Germany
0

Re: Is Lenovo Fingerprint Software = Upek Protector ?

Hi there,

since some time passed by, is there any new information regarding this topic? As our security goes nuts, we´re trying to confirm or deny wether or not the Lenovo fingerprint software is a rebranded version of the Upek Protector .

Best regards.
Administrator
Mark_Lenovo
Posts: 7,992
Registered: ‎11-19-2007
Location: RTP, North Carolina
0

Re: Is Lenovo Fingerprint Software = Upek Protector ?

[ Edited ]

tgrmas,

 

Thanks for the prompt - I had been meaning to get back to this topic...

 

Our engineering team responsible for the fingerprint scanner worked with AuthenTec (who purchased Upek) and shared the following summary based on AuthenTec and our own analysis...

 

"We agree with AuthenTec's position that the attack on users' Windows passwords is not as trivial as the article claims. Any tool that would execute the attack would need to be run with Administrator privileges -- an access level that would let any number of security hacks, such as keyloggers, to be run. AuthenTec will provide a software patch that will protect against attacks to their encryption algorithm, and will resolve the reported issue. We are working with AuthenTec to port this patch to our ThinkVantage Fingerprint Software (TFS). This patch which will be backward compatible with existing versions of TFS, and will soon be made available for our customers on the Lenovo website and as a critical update on ThinkVantage System Update."

 

I'll update here with links once the patch is available for download (or through TVSU).

 

EDIT 10/1/12 Patch now available for download here.  

 

Thanks,

 

Mark

 

 

 

 

____________________________________________

ThinkPads: S30, T43, X60t, X1, W700ds, IdeaPad Y710, IdeaCentre: A300, IdeaPad K1
Mark Hopkins
Program Manager, Lenovo Social Media (Services)
twitter @lenovoforums
English English Community   Deutsche Deutsche Community   Español Comunidad en Español   ru.gif Русскоязычное Сообщество
802.11n
huberth
Posts: 539
Registered: ‎07-08-2009
Location: USA
0

Re: Is Lenovo Fingerprint Software = Upek Protector ?

I found this on the Lenovo site dated (18 Sep 2012): Thinkvantage Update suggests  it as an optional install. (No previous version installed)  What is it for? Would I need it if I use a non-Lenovo password manager (LastPass for example). -------------------------------------------------------------------------------------------------------------------------------------------Fingerprint Software for Windows 7 (64-bit) & Windows 8 (64-bit) - ThinkPad, ThinkCentre, ThinkStationhttp://support.lenovo.com/en_US/downloads/detail.page?DocID=DS029769 ThinkVantage Fingerprint Software is a desktop security and convenience product. Its components provide a sophisticated security architecture protecting your computer from attacks by unauthorized persons. ThinkVantage Fingerprint Software offers top-level user convenience, it is easy to install and easy to use.

ThinkVantage Fingerprint Software enables:

  • reliable user authentication based on fingerprint recognition
  • boot protection using fingerprints
  • easy access to a computer using fingerprints (Logon Protector)

 Version 5.9.7.7226

  • [Important updates] New WBF driver 1.6.0.331 (for Windows 8) & 1.5.0.328 (for Windows 7)
    • ADD: New WBF driver for fingerprint devices connected via SPI 4.0.0.89
    • ADD: smihlp driver signed for Win8
    • CHG: Biometric feedbacks removed from Tutorial
  • [New Functions or Enhancements]
    • CHG: Fingerprint logon speed improved
    • CHG: Removed .NET3 check from setup on Win8
  • [Problem(s) fixed]
    • PR48498 : NULL_CLASS_PTR_WRITE_c0000005_infql2.dll!Unknown , Hits: 5009
    • (FIX): Minor localization typos fixed
    • (FIX): Control Center window hang fixed
    • (FIX): Logon does not work when change password dialog is cancelled (14071)
    • (FIX): Trimmed text in Passsword Manager dialog (13441)
    • (FIX): SSO sometimes failed after resume via POA (ECR129292)
    • (FIX): "Always show power-on security options" disappeared from Settings on ThinkCentre systems (13871)
    • (FIX): default intruder lockout set to 5 attempts (13904)
    • (FIX): show warning prompt before importing passport also for domain users (14068)
    • (CHG): Program Folders combo is disabled when Add Program icon is not selected in TFS setup wizard (13745)

 System requirements

ThinkVantage Fingerprint Software can be installed on any computer with the following requirements:

  • Windows 7 operating system
  • Latest version of the BIOS
  • 1.5 GB of free hard disk drive space
  • 512 MB of memory (recommended)
  • 8 MB of VRAM (Video Random Access Memory) shared memory set in the BIOS
  • Upgrade and compatibility: None

Administrator rights are required to install or uninstall ThinkVantage Fingerprint Software.

Note: If using SafeGuard Enterprise (SGN) 5.5 and Windows 7 you should use UPEK FPR SW 5.8.6.6874 instead of 5.9.7.

_______________________________________________________________________
W520 4270CTO i7-2820QM Quadro2000M 1920x1080 Display 16GB RAM 2x240GB Intel 510 SSDs (RAID 0) - BIOS 1.42 - PCMark7:4,568
Samsung Series 9 15-inch NP900X4C-A03US - PCMark7: 4674
Guru
harrisb
Posts: 1,028
Registered: ‎04-20-2008
Location: Cary, NC
0

Re: Is Lenovo Fingerprint Software = Upek Protector ?

[ Edited ]

Patch is now available on TVSU as of 9/26/12 (5.9.7.7261)

W520, i7-2820QM, BIOS 1.42, 1920x1080 FHD, 32 GB RAM, 2000M NVIDIA GPU, Samsung 840 Pro 480GB SSD, Hitachi 1TB 7200rpm HDD, WD 2TB USB 3.0, eSata Plextor PX-LB950UE BluRay

W520, i7-2760QM, BIOS 1.42 1920x1080 FHD, 32 GB RAM, 1000M NVIDIA GPU, Crucial M500 480GB mSata SSD, Hitachi 500GB HDD, WD 2TB USB 3.0
802.11n
huberth
Posts: 539
Registered: ‎07-08-2009
Location: USA
0

Re: Is Lenovo Fingerprint Software = Upek Protector ?


harrisb wrote:

Patch is now available on TVSU as of 9/26/12 (5.9.7.7261)


My TVSU (ThinkVantage System Update) offers me Version 5.9.7.7226.

 

ThinkVantage System Update also says "no previous version installed"

 

But my fingerprint reader works OK for logon and with LastPass.

 

What does Lenovo Fingerprint Softwar software do?

 

Do I even need it if I have LastPass?

 

I am confused ...

_______________________________________________________________________
W520 4270CTO i7-2820QM Quadro2000M 1920x1080 Display 16GB RAM 2x240GB Intel 510 SSDs (RAID 0) - BIOS 1.42 - PCMark7:4,568
Samsung Series 9 15-inch NP900X4C-A03US - PCMark7: 4674
Guru
harrisb
Posts: 1,028
Registered: ‎04-20-2008
Location: Cary, NC
0

Re: Is Lenovo Fingerprint Software = Upek Protector ?

That's because you need the latest base code upon which to install the patch. The Lenovo Fingerprint software works with the Password Manager and BIOS system login. Other Windows applications can enable the biometric devices on the system, but they will not interface with the BIOS on the W520.

W520, i7-2820QM, BIOS 1.42, 1920x1080 FHD, 32 GB RAM, 2000M NVIDIA GPU, Samsung 840 Pro 480GB SSD, Hitachi 1TB 7200rpm HDD, WD 2TB USB 3.0, eSata Plextor PX-LB950UE BluRay

W520, i7-2760QM, BIOS 1.42 1920x1080 FHD, 32 GB RAM, 1000M NVIDIA GPU, Crucial M500 480GB mSata SSD, Hitachi 500GB HDD, WD 2TB USB 3.0